Hello folks, did a search on the forums but was unable to come up with the answer (not to rule out I didn't try enough search terms). It's a pretty quick one though.

A friend of mine is giving me his old Macintosh (still don't know what year or "version". I know NOTHING about mac) and an old PC. I'm hoping the PC is at least a 386 or better.

Here's the scenario I'm trying to create and I THINK it would work.

We have a cable connection, DHCP IP from Road Runner. My parents have a couple computers so they will probably be using the D-link hardware router to get their IP's. (Unless I can convince them otherwise)
I currently get my IP from the router as well. What I want to do is set up the PC as a www/ftp server (Yes, I want three computers in my room), the mac box as a router / firewall, and my main "power" computer as my desktop use machine.
So, first question is, if I can put linux on the mac, I should be able to make it a router, right? Bigger question, is it feasible to have a router behind a router? The reason I ask, is the mac box won't be getting necessarily a "public" ip. It gets a 192.168.0.* from the D-link router. and my machines PAST that will also need private internal addresses (right?).
I know the internet is basically a bunch of routers so I ASSUME it will work.
2. will that slow my connection down? Not worried too much about the web/ftp server because this is all just a learning process (I want to get some certifications and also be able to walk into job interviews and say, here's my website, check it out), but I play games (mostly Counter-strike) from my computer so ping from there IS an issue.
3. A DMZ is basically a non-firewalled area? What security concerns will I have if I put my mac box on a DMZ? I'll only have ports 80, 21, and 22 (ssh) open, and only apache, ftp, and sshd running. Eventually I'll add qmail or some other mail server (What is everyone's preference here and why?)

geez that's long, sorry! I try not to post too often and when I do, it's only to show how much of a I am.

Originally posted by dleidlein
So, first question is, if I can put linux on the mac, I should be able to make it a router, right? Bigger question, is it feasible to have a router behind a router? The reason I ask, is the mac box won't be getting necessarily a "public" ip. It gets a 192.168.0.* from the D-link router. and my machines PAST that will also need private internal addresses (right?).

You can do it. The best way will probably be to give the machines 'in' private addresses from a different subnet than the 'main' network (192.168.1.x for example). And you'll probably need NAT (masquerading, in fact) to map your local addresses to the one used by the NIC connected to the hardware router. Or maybe you'll be able to configure the router to map both subnets..

Quote:

2. will that slow my connection down? Not worried too much about the web/ftp server because this is all just a learning process (I want to get some certifications and also be able to walk into job interviews and say, here's my website, check it out), but I play games (mostly Counter-strike) from my computer so ping from there IS an issue.

You shouldn't notice any performance loss.

Quote:

3. A DMZ is basically a non-firewalled area? What security concerns will I have if I put my mac box on a DMZ? I'll only have ports 80, 21, and 22 (ssh) open, and only apache, ftp, and sshd running.

In your network there's not much need to DMZ. You should simply install firewalls on all machines and update them regularly.

Quote:

Eventually I'll add qmail or some other mail server (What is everyone's preference here and why?)

I use qmail for most installs and like it. Just installed postfix on a new server (to try something different) and I must say it's also nice and probably easier to install than qmail. So I'll recommend postfix as your first installation, then you can play with qmail

Quote:

In your network there's not much need to DMZ. You should simply install firewalls on all machines and update them regularly.

The reason I ask this is I saw a quote somewhere saying that your firewall should have nothing else running on it.....And on win machines, firewall software seems to hog up resources. I know there's never 100% security but is the difference between having my router block all traffic except ports ** forwarded to the web server, and having that PLUS a firewall on each computer going to do anything? How "intensive" is IPTABLES? as in CPU/memory utilization.

Quote:

The best way will probably be to give the machines 'in' private addresses from a different subnet than the 'main' network (192.168.1.x for example).

Sorry, need a little clarification. Do you mean assign my desktop and the web server a 192.168.1.* address? Then have the linux router (which will have a "public" ip of 192.168.0.102) forward all traffic destined for 192.168.0.102 to 192.168.1.*? And I'm sure it's possible, but how would I have IPTABLES forward those ports I mentioned to a SPECIFIC IP? I think I want all RELATED,ESTABLISHED (so no inbound connections allowed) for my desktop (for gaming, no serving) and the same for the server, also forwarding ports 21, 22, 25, 80, and 110 to the server.

Originally posted by dleidlein
The reason I ask this is I saw a quote somewhere saying that your firewall should have nothing else running on it.....And on win machines, firewall software seems to hog up resources. I know there's never 100% security but is the difference between having my router block all traffic except ports ** forwarded to the web server, and having that PLUS a firewall on each computer going to do anything? How "intensive" is IPTABLES? as in CPU/memory utilization.

If you're firewalling 1Gbit Ethernet or you have very high traffic, you probably need quite a powerful machine, but for a normal network a 486 would not have much to do..

Quote:

Sorry, need a little clarification. Do you mean assign my desktop and the web server a 192.168.1.* address?

Yes, also to one NIC on the Mac machine.

Quote:

Then have the linux router (which will have a "public" ip of 192.168.0.102) forward all traffic destined for 192.168.0.102 to 192.168.1.*? And I'm sure it's possible, but how would I have IPTABLES forward those ports I mentioned to a SPECIFIC IP? I think I want all RELATED,ESTABLISHED (so no inbound connections allowed) for my desktop (for gaming, no serving) and the same for the server, also forwarding ports 21, 22, 25, 80, and 110 to the server.
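
Added example, not part of the original thread or any poster's configuration: a script that prints an iptables-restore ruleset for the router-behind-router setup discussed above. It masquerades the inner subnet, forwards ports 21, 22, 25, 80 and 110 to one server, and lets only RELATED,ESTABLISHED traffic back to everything else. The interface names eth0/eth1 and the server address 192.168.1.10 are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the inner Linux router.
# Assumed (not from the thread): eth0 faces the D-Link LAN, eth1 faces the
# inner 192.168.1.0/24 subnet, and the server sits at 192.168.1.10.
WAN_IF=${WAN_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
SERVER_IP=${SERVER_IP:-192.168.1.10} # constructed address
PORTS=${PORTS:-"21 22 25 80 110"}    # ports listed in the thread

gen_rules() {
    echo '*raw'
    # Kernels that no longer auto-assign conntrack helpers need this so FTP
    # data connections count as RELATED (nf_conntrack_ftp and nf_nat_ftp loaded).
    echo "-A PREROUTING -i $WAN_IF -p tcp --dport 21 -j CT --helper ftp"
    echo 'COMMIT'
    echo '*nat'
    for p in $PORTS; do
        # Rewrite the destination of inbound connections to the server.
        echo "-A PREROUTING -i $WAN_IF -p tcp --dport $p -j DNAT --to-destination $SERVER_IP:$p"
    done
    # Hide the inner subnet behind whatever address the D-Link hands out.
    echo "-A POSTROUTING -o $WAN_IF -j MASQUERADE"
    echo 'COMMIT'
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
    echo "-A INPUT -i $LAN_IF -p tcp --dport 22 -j ACCEPT"
    # Replies and helper-tracked flows pass; nothing new reaches the desktop.
    echo '-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
    # Inner machines may open connections outward.
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    for p in $PORTS; do
        # New inbound connections are allowed only to the server's ports.
        echo "-A FORWARD -i $WAN_IF -o $LAN_IF -d $SERVER_IP -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Count emitted rules matching a pattern (used to sanity-check the output).
count_rules() { gen_rules | grep -c -- "$1"; }

# Print the ruleset; on the router, as root, enable forwarding and load it:
#   sysctl -w net.ipv4.ip_forward=1 && sh this_script.sh | iptables-restore
gen_rules
```

The D-Link still has to forward the same ports to the Linux router's 192.168.0.x address for outside connections to arrive at all.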

Hello.
Well, I gave up on all the howtos/guides/thingys out there... I know it should be a simple thing but I cannot get it right...
Well, first, I was having a web/ftp/ssh/smtp/imap server in one place where I got a static IP address directly to the internet. Because of changing locations, now I got a dynamic IP address and above all behind a dlink dl-724p+ wireless router (the server is wired).
Well, I've configured my router to:
1st) used the DDNS to set my router address up on no-ip (it did change the address and I can ping my router from the internet)
2nd) I put a DMZ (I guess, I'm not really sure since it does nothing, I couldn't see any differences at all) by selecting DMZ on my firewall and specifying the internal IP address of my web/ftp... server.
3rd) from there I tried putting a virtual host, using my internal IP address, and the ports for web/ftp/ssh/smtp/imap services to be redirected to the web/ftp/ssh... server, but no luck, still got timeout on any service.
4th) checked that there wasn't any firewall blocking those ports... none found.
5th) installed no-ip DUC for Linux on the server, and deselected the DDNS... nothing...
6th) Tried another router, to check if that was the problem... same thing...
7th) I checked that the services were running... Localhost-> Ok!... LAN-> OK!... Ping from router-> OK!... from outside router-> Fail!

My common sense said that the problem is the router not redirecting the services to the designated address or so. If there is any kind man around that could give me a fool-proof guide to install this server behind the router and visible from outside, please let me know. Got many sites hosted on this "host" and every day that passes is worse. Please help.
Thanks.